Channel: Security forum

Logs in Event Viewer Security: Type: Failure Audit, Source: security, category: logon/logoff


I got many such security event logs with user SYSTEM.

My question is: how can this happen? How can I prevent it from happening again?

Thanks a lot.



Windows Event Forwarding - Collector vs Source Initiated Subscriptions

Starting to play with WEF as part of a project. What I am wondering is what is the difference between collector initiated subs vs source initiated subs? Is it just how the subscription gets deployed to the target, i.e. pushed from collector or set via GPO? I assume the collector never pulls events from the sources as this would seem very inefficient?

PKI CA- NPS with existing CA


I am building a CA PKI from scratch, and the existing CAs are installed on the DC & NPS. I have removed it from the DC - no problems. I have removed it from NPS - RADIUS stopped working. A CA does not have to be installed on NPS - correct?

Also, I was able to set up a standalone root CA, but could not set up an enterprise subordinate CA using this:

https://mizitechinfo.wordpress.com/2013/08/31/step-by-step-deploying-an-enterprise-subordinate-ca-in-server-2012-r2-part-2/

I don't know what I am missing. We use Aerohive with RADIUS.


ME

Certificates for Single forest Single domain to Single forest Multi domain


Hi All,

Currently we have a single-forest, single-domain AD environment. We have 3 issuing CAs and one offline root CA. All the 25000 users and computers get certificates from these CAs.

Now our customer plans to introduce a new child domain in the forest. Is it possible to use the existing issuing CA to issue certificates to the new child domain?

The existing templates use display name, domain name and SPN for the subject name and Subject Alternative Name in each certificate.

Can I use the existing CA to issue certificates to the new child domain's users and computers?

Thanks and Regards,

Hariharan

smartcard login and revoke question


I have a question about using smartcard login. I have purchased a few smartcards for testing. After installing AD Certificate Services, I enrolled a user certificate on behalf of a user on a smartcard.

With the smartcard I can log in as the user without a problem.

But when I revoke the certificate on the certificate server, somehow I can still log in with the smartcard (even on a new computer where the smartcard has never been used before).

Only after 3 days did I get an error message stating that the certificate has been revoked, and I can no longer log in with the smartcard.

I was wondering if anyone can help me with this?

My testing environment has

2 DCs, 1 AD CS and several Windows 10 client PCs.


Enterprise CA Active Directory Certificate Service won't start


Hi,

We have a single Enterprise Root CA on Windows Server 2008 R2 Datacenter.

Today I discovered on my Exchange Server that the certificate issued by this CA has the status: "The certificate could not be determined because the revocation check failed"

I started digging and I discovered that the certification services are not running in the certsrv console, as well as the Active Directory Certificate Services service.

Every time I try to start the service I get error 100 in the Application log:

Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  MainCA Keyset does not exist 0x80090016 (-2146893802).

and 7024 in the system log:

The Active Directory Certificate Services service terminated with service-specific error %%-2146893802.

I ran certutil getreg with this result (serials, hashes etc. are fake - I changed them for privacy reasons):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\MainCA:

Keys:
  CSP
  EncryptionCSP
  ExitModules
  PolicyModules

Values:
  DSConfigDN               REG_SZ = CN=Configuration,DC=corp,DC=in,DC=net
  DSDomainDN               REG_SZ = DC=corp,DC=in,DC=net
  ViewAgeMinutes           REG_DWORD = 10 (16)
  ViewIdleMinutes          REG_DWORD = 8
  CAType                   REG_DWORD = 0
    ENUM_ENTERPRISE_ROOTCA -- 0

  UseDS                    REG_DWORD = 1
  ForceTeletex             REG_DWORD = 12 (18)
    ENUM_TELETEX_AUTO -- 2
    ENUM_TELETEX_UTF8 -- 10 (16)

  SignedAttributes         REG_MULTI_SZ =
    0: RequesterName

  EKUOIDsForPublishExpiredCertInCRL REG_MULTI_SZ =
    0: 1.3.6.1.5.5.7.3.3 Code Signing
    1: 1.3.6.1.4.1.311.61.1.1 Kernel Mode Code Signing

  CommonName               REG_SZ = MainCA

  Enabled                  REG_DWORD = 1
  PolicyFlags              REG_DWORD = 0
  CertEnrollCompatible     REG_DWORD = 0
  CRLEditFlags             REG_DWORD = 100 (256)
    EDITF_ENABLEAKIKEYID -- 100 (256)

  CRLFlags                 REG_DWORD = 2
    CRLF_DELETE_EXPIRED_CRLS -- 2

  InterfaceFlags           REG_DWORD = 40 (64)
    IF_NOREMOTEICERTADMINBACKUP -- 40 (64)

  EnforceX500NameLengths   REG_DWORD = 1
  SubjectTemplate          REG_MULTI_SZ =
    0: EMail
    1: CommonName
    2: OrganizationalUnit
    3: Organization
    4: Locality
    5: State
    6: DomainComponent
    7: Country

  ClockSkewMinutes         REG_DWORD = a (10)
  LogLevel                 REG_DWORD = 3

  HighSerial               REG_DWORD = 0
  CAServerName             REG_SZ = srv-dc1.corp.in.net
  ValidityPeriod           REG_SZ = Years
  ValidityPeriodUnits      REG_DWORD = 2
  KRACertHash              REG_MULTI_SZ =

  KRACertCount             REG_DWORD = 0
  KRAFlags                 REG_DWORD = 0

  CRLPublicationURLs       REG_MULTI_SZ =
    0: 65:C:\WINDOWS\system32\CertSrv\CertEnroll\%3%8%9.crl
    CSURL_SERVERPUBLISH -- 1
    CSURL_SERVERPUBLISHDELTA -- 40 (64)

    1: 79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
    CSURL_SERVERPUBLISH -- 1
    CSURL_ADDTOCERTCDP -- 2
    CSURL_ADDTOFRESHESTCRL -- 4
    CSURL_ADDTOCRLCDP -- 8
    CSURL_SERVERPUBLISHDELTA -- 40 (64)

    2: 6:http://%1/CertEnroll/%3%8%9.crl
    CSURL_ADDTOCERTCDP -- 2
    CSURL_ADDTOFRESHESTCRL -- 4

    3: 0:file://\\%1\CertEnroll\%3%8%9.crl


  CRLPeriod                REG_SZ = Weeks
  CRLPeriodUnits           REG_DWORD = 1

  CRLOverlapPeriod         REG_SZ = Hours
  CRLOverlapUnits          REG_DWORD = 0
  CRLDeltaPeriod           REG_SZ = Days
  CRLDeltaPeriodUnits      REG_DWORD = 1
  CRLDeltaOverlapPeriod    REG_SZ = Minutes

  CRLDeltaOverlapUnits     REG_DWORD = 0
  CAXchgValidityPeriod     REG_SZ = Weeks
  CAXchgValidityPeriodUnits REG_DWORD = 1
  CAXchgOverlapPeriod      REG_SZ = Days
  CAXchgOverlapPeriodUnits REG_DWORD = 1

  MaxIncomingMessageSize   REG_DWORD = 10000 (65536)
  MaxIncomingAllocSize     REG_DWORD = 10000 (65536)
  CACertPublicationURLs    REG_MULTI_SZ =
    0: 1:C:\WINDOWS\system32\CertSrv\CertEnroll\%1_%3%4.crt
    CSURL_SERVERPUBLISH -- 1

    1: 3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
    CSURL_SERVERPUBLISH -- 1
    CSURL_ADDTOCERTCDP -- 2

    2: 2:http://%1/CertEnroll/%1_%3%4.crt
    CSURL_ADDTOCERTCDP -- 2

    3: 0:file://\\%1\CertEnroll\%1_%3%4.crt


  CACertHash               REG_MULTI_SZ =
    0: 58 21 22 81 89 24 58 17 9b 5e e8 7e 68 c0 29 e1 7b fa 3c fc
    1: 58 fe b7 07 c6 8d 8a b2 81 39 d5 05 fc 94 5c 9d a4 f7 df 9f
    2: 13 18 d8 c7 0d 18 86 2a 96 11 22 b0 a7 06 3b 39 f2 e6 7e c5

  Security                 REG_BINARY =
    Allow CA Administrator	BUILTIN\Administrators
    Allow Certificate Manager	BUILTIN\Administrators
    Allow CA Administrator	corp\Administratorzy domeny
    Allow Certificate Manager	corp\Administratorzy domeny
    Allow CA Administrator	corp\Administratorzy przedsiębiorstwa
    Allow Certificate Manager	corp\Administratorzy przedsiębiorstwa
    Allow Enroll	NT AUTHORITY\Authenticated Users


  SetupStatus              REG_DWORD = 3
    SETUP_SERVER_FLAG -- 1
    SETUP_CLIENT_FLAG -- 2

  CRLDeltaNextPublish      REG_BINARY = 2019-05-06 15:42
  CRLAttemptRepublish      REG_DWORD = 0
  CRLNextPublish           REG_BINARY = 2019-05-09 15:42
  CAXchgCertHash           REG_MULTI_SZ =
    0: bf 96 17 18 9d 98 5c 25 93 bb 56 9c e7 14 19 e5 a7 76 fb 8e
CertUtil: -getreg command completed successfully.


certutil verify

MY
================ Certificate 0 ================
Serial Number: 1968e0ed000200000119
Issuer: CN=MainCA, DC=corp, DC=in, DC=net
 NotBefore: 2018-03-16 10:14
 NotAfter: 2019-03-16 10:14
Subject: CN=CAMAIN-01.corp.in.net
Certificate Template Name (Certificate Type): Machine
Non-root Certificate
Template: Machine, Computer
Cert Hash(sha1): 6d 9b eb 74 47 09 6a dc 5c 28 f0 cf eb 49 45 32 02 da cd ee
  Key Container = fc78d60ae22b568e66eff352a021343d_f0b4cd2b-ef1d-431d-96df-40ec35546606
  Simple container name: le-Machine-0a299bad-3c54-4a67-a5d9-8ed13770a19c
  Provider = Microsoft RSA SChannel Cryptographic Provider
Private key is NOT exportable
Encryption test passed
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwRevocationFreshnessTime: 66 Days, 21 Hours, 28 Minutes, 49 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwRevocationFreshnessTime: 66 Days, 21 Hours, 28 Minutes, 49 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000041
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2018-03-16 10:14
  NotAfter: 2019-03-16 10:14
  Subject: CN=CAMAIN-01.corp.in.net
  Serial: 1988e0ed000200000117
  SubjectAltName: DNS Name=CAMAIN-01.corp.in.net
  Template: Machine
  6d 9b eb 74 f9 09 6a dc 5c 28 f0 cf 47 49 45 32 01 da cd ee
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
    CRL 134b:
    Issuer: CN=MainCA, DC=corp, DC=in, DC=net
    a2 df ec ba 96 ce 27 35 f4 c8 8c b7 b6 74 16 d9 3b 6a e9 67
    Delta CRL 134e:
    Issuer: CN=MainCA, DC=corp, DC=in, DC=net
    ed 86 3f 03 e0 62 c6 70 02 e9 ff 62 7a b3 4c ca 0f 78 06 2d
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication

CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2018-02-16 14:18
  NotAfter: 2023-02-17 14:27
  Subject: CN=MainCA, DC=corp, DC=in, DC=net
  Serial: 042eae9324c0a49a4c069f358074b0a6
  Template: CA
  13 fe d7 c7 0d f8 86 2a 96 11 22 b0 a8 05 3b 39 f2 e6 5f c5
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  6f aa 6c e3 f0 94 3e 50 12 df cb 73 07 33 66 b4 59 0d 03 7e
Full chain:
  ef fc d2 4e ec ea 5a 5f cb 15 61 95 96 65 d2 43 9a 36 f9 73
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2018-03-16 10:14
  NotAfter: 2019-03-16 10:14
  Subject: CN=CAMAIN-01.corp.in.net
  Serial: 1987e0ed000100000117
  SubjectAltName: DNS Name=CAMAIN-01.corp.in.net
  Template: Machine
  6d 9b eb 74 f9 09 5a dc 5c 28 f0 df 47 49 45 32 01 da cd ee
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495)
------------------------------------
Expired certificate


================ Certificate 1 ================
Serial Number: 41f04bcda30394be48eeb6c39b1fa703
Issuer: CN=MainCA, DC=corp, DC=in, DC=net
 NotBefore: 2008-02-19 13:03
 NotAfter: 2018-02-05 14:01
Subject: CN=MainCA, DC=corp, DC=in, DC=net
Certificate Template Name (Certificate Type): CA
CA Version: V1.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template: CA, Root Certification Authority
Cert Hash(sha1): 58 21 b7 07 c6 fe 8a c2 81 39 d5 05 fc 94 4c 9d a4 f7 3c 9f
  Key Container = MainCA
  Unique container name: c5cb376f90a3a41e99b869fdc03add54_f0b6dd2b-ef1d-431d-96df-40ec36646606
  Provider = Microsoft Strong Cryptographic Provider
Signature test passed
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=21
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2008-02-19 13:03
  NotAfter: 2018-02-05 14:01
  Subject: CN=MainCA, DC=corp, DC=in, DC=net
  Serial: 41f05bcda30394be49eeb6c39b1fa703
  Template: CA
  58 21 b7 07 c6 fe 8a c2 81 39 d5 04 fc 94 5c 9d a4 f7 3c 9f
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
  Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

Exclude leaf cert:
  da 39 a3 ee 5e 6b 4b 0d 32 45 bf ef 95 60 17 90 af d8 07 09
Full chain:
  58 21 b7 07 c6 ce 8a b2 81 39 d5 05 fc 94 5c 9d a4 f7 3c 9f
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2008-02-19 13:03
  NotAfter: 2018-02-05 14:01
  Subject: CN=MainCA, DC=corp, DC=in, DC=net
  Serial: 41f05bcda30394be49eeb6c39b1fa703
  Template: CA
  58 21 b7 07 c6 fe 8a c2 81 39 c5 05 fc 94 5c 9d a4 f7 3c 9f
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)
------------------------------------
Verifies against UNTRUSTED root


================ Certificate 2 ================
Serial Number: 4a24085abfb30692497eada7d45cccf7
Issuer: CN=MainCA, DC=corp, DC=in, DC=net
 NotBefore: 2008-02-19 13:03
 NotAfter: 2013-02-19 13:12
Subject: CN=MainCA, DC=corp, DC=in, DC=net
Certificate Template Name (Certificate Type): CA
CA Version: V0.0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template: CA, Root Certification Authority
Cert Hash(sha1): 58 18 21 81 89 24 92 17 9b 5c e8 7f 68 c0 29 e1 7b fa df fc
  Key Container = MainCA
  Unique container name: c5cb376a90e3a41e99b879fdc03add54_f0b6cd2b-ef1d-431d-96df-40cc36646606
  Provider = Microsoft Strong Cryptographic Provider
Signature test passed
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

CertContext[0][0]: dwInfoStatus=10c dwErrorStatus=21
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2008-02-19 13:03
  NotAfter: 2013-02-19 13:12
  Subject: CN=MainCA, DC=corp, DC=in, DC=net
  Serial: 5a24084abfc30692497eada7d45dccf7
  Template: CA
  58 18 22 81 89 14 92 16 9b 5e e8 7e 68 c0 29 a1 7b fa df fc
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_IS_NOT_TIME_VALID (0x1)
  Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)

Exclude leaf cert:
  da 39 a3 ee 5c 6b 4b 0d 32 45 bf ef 95 60 18 91 af d8 07 09
Full chain:
  58 18 22 81 88 24 92 17 9b 5c e8 7e 68 c0 29 a1 7b fa df fc
  Issuer: CN=MainCA, DC=corp, DC=in, DC=net
  NotBefore: 2008-02-19 13:03
  NotAfter: 2013-02-19 13:12
  Subject: CN=MainCA, DC=corp, DC=in, DC=net
  Serial: 5a24085abfa31692497aada7d45dccf7
  Template: CA
  58 18 22 81 79 24 92 17 8b 5e e8 7e 68 c0 29 e1 7a fa df fc
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109 (-2146762487)
------------------------------------
Verifies against UNTRUSTED root


================ Certificate 3 ================
Serial Number: 043eae9324c1e49a4c069f349074b0a6
Issuer: CN=MainCA, DC=corp, DC=in, DC=net
 NotBefore: 2018-02-16 14:18
 NotAfter: 2023-02-17 14:27
Subject: CN=MainCA, DC=corp, DC=in, DC=net
Certificate Template Name (Certificate Type): CA
CA Version: V2.2
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template: CA, Root Certification Authority
Cert Hash(sha1): 13 fa d8 d7 0d f8 86 2a 96 21 22 b0 a7 06 3b 49 f2 e6 5f b5
  Key Container = MainCA(2)
  Provider = Microsoft Strong Cryptographic Provider
Encryption test FAILED
Verified Issuance Policies: All
Verified Application Policies: All
Certificate is valid
CertUtil: -verifystore command completed successfully.

Because the service is not running I cannot create a backup of the CA. My last backup is from 2012.

I have the latest certificate (Serial Number: 043eae9324c1e49a4c069f349074b0a6) with its private key stored in a secure place.

What can I do in this situation?

Can you help me please with this issue?

Event Log Forwarding - View Subscriptions at Source

At the source system, how does one view the configured events being forwarded (be they configured using GPO or collector initiated)? I understand the push/pull options to get the subscription to the source, but where are those subscriptions stored/defined once the subscription definitions are set?

PEM Key Login


Hello everyone

Clarify this for me: is PEM key login possible in Windows?

If yes, help me with the procedure.


Security Update for Microsoft Windows (KB4503267) Problem


Good day Experts

Just want to make you and Microsoft aware of a problem with Security Update for Microsoft Windows (KB4503267). I installed the update on my backup server, which is connected directly to my Dell storage using iSCSI, and the update disconnected the iSCSI. I removed the update and iSCSI started working again.

Is there some solution that anyone is aware of to have the update and still have my storage working? Is Microsoft resolving the problem?

I think I am being probed or even actively hacked


I have a client with a Windows 2008 R2 server (they are not willing to upgrade). We use it for 2 functions: it acts as a primary domain controller with DNS and runs a VM for QuickBooks and a time clock app. Recently I got a call that a scanner was not working and found that the account was locked in Active Directory. I was going through the event logs to see what could have happened, since nothing had changed, and ran across something disturbing.

I found current failed attempts to log on by 3 nonexistent users. They use a name with 4 digits behind it, i.e. vasiliy0180 or lab1, and there is another. I don't know what is happening. I have run all my virus/malware scans and found nothing. I don't know that much about the OS and am just trying to do the best I can for my telecom customer.

Thanks,

Joe

Failed to renew Certificate using 'certreq'


Hi,

I am trying to renew a certificate using the certreq command, but it is throwing the error message "No certificate available". But the certificate exists. The command used is shown below:

C:\ certreq -enroll -machine -cert "‎6c 00 00 00 b1 e2 09 bb c1 f5 6b a6 49 00 00 00 00 00 b1" Renew

Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)

Please suggest me the possible reasons for this issue and how it can be resolved.

Regards,

Bhasha Agrawal


SecurityProviders\SCHANNEL\Ciphers


I am trying to disable insecure ciphers and enable secure ciphers in the registry. I have found Powershell code that adds registry entries to disable / enable ciphers in SCHANNEL in two different ways. One creates sub keys and the other doesn’t.  I am not sure what the correct way is. Can someone tell me which one is correct and why?  I am including code samples and would include screen shots to better illustrate this behavior but am blocked from adding images.

First code sample

# - Disable RC4 40-bit Cipher -

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40"

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128"

new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" -name "Enabled" -value 0 -PropertyType "Dword"

# - Disable RC4 56-bit Cipher -

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56"

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128"

new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" -name "Enabled" -value 0 -PropertyType "Dword"

# - Disable RC4 64-bit Cipher -

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64"

md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128"

new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" -name "Enabled" -value 0 -PropertyType "Dword"

Second code sample.

# Disable insecure ciphers RC4 40-bit, RC4 56-bit, RC4 64-bit

$insecureCiphers = 'RC4 40/128','RC4 56/128','RC4 64/128'

Foreach ($insecureCipher in $insecureCiphers) {

  $key = (Get-Item HKLM:\).OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey($insecureCipher)

  $key.SetValue('Enabled', 0, 'DWord')

  $key.close()

  Write-Host "$insecureCipher has been disabled"

}
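
Added example (not part of the original post): the two samples above produce different registry layouts because the PowerShell registry provider treats `/` in a path as a separator, while the .NET `CreateSubKey` call takes the name literally. The script reproduces both against a scratch key under HKCU and lists the resulting key names; the `Software\SchannelKeyDemo` path and the `Get-SubKeyNames` helper are assumptions made for the demonstration.

```powershell
# Added demonstration: works on a throwaway key under HKCU, never on the real
# SCHANNEL key. 'Software\SchannelKeyDemo' is an assumed scratch path.
$root = 'Software\SchannelKeyDemo'
$hkcu = [Microsoft.Win32.Registry]::CurrentUser
$hkcu.CreateSubKey("$root\Provider").Close()
$hkcu.CreateSubKey("$root\DotNet").Close()

$ciphers = 'RC4 40/128', 'RC4 56/128', 'RC4 64/128'

# Layout 1: registry provider paths, as in the first sample.
# The provider splits the path at '/', so 'RC4 40' must exist first and
# '128' is then created as a child key beneath it.
foreach ($cipher in $ciphers) {
    $parent = $cipher.Split('/')[0]
    New-Item -Path "HKCU:\$root\Provider\$parent" | Out-Null
    New-Item -Path "HKCU:\$root\Provider\$cipher" | Out-Null
    New-ItemProperty -Path "HKCU:\$root\Provider\$cipher" `
        -Name Enabled -Value 0 -PropertyType DWord | Out-Null
}

# Layout 2: .NET registry API, as in the second sample.
# CreateSubKey only treats '\' as a separator, so the '/' stays in the name.
$dotNetParent = $hkcu.OpenSubKey("$root\DotNet", $true)
foreach ($cipher in $ciphers) {
    $key = $dotNetParent.CreateSubKey($cipher)
    $key.SetValue('Enabled', 0, 'DWord')
    $key.Close()
}
$dotNetParent.Close()

# Hypothetical helper: list child key names through the .NET API so the
# provider's path handling cannot influence what is reported.
function Get-SubKeyNames {
    param([string]$Path)
    $key = $hkcu.OpenSubKey($Path)
    try { $key.GetSubKeyNames() } finally { $key.Close() }
}

'Provider layout:'
foreach ($name in Get-SubKeyNames "$root\Provider") {
    $children = (Get-SubKeyNames "$root\Provider\$name") -join ', '
    "  $name  (child keys: $children)"
}

'DotNet layout:'
foreach ($name in Get-SubKeyNames "$root\DotNet") {
    "  $name"
}

# Look each layout up by the literal key name 'RC4 40/128'.
foreach ($layout in 'Provider', 'DotNet') {
    $k = $hkcu.OpenSubKey("$root\$layout\RC4 40/128")
    if ($null -eq $k) {
        "${layout}: no key literally named 'RC4 40/128'"
    } else {
        "${layout}: Enabled = $($k.GetValue('Enabled'))"
        $k.Close()
    }
}

# Remove the scratch key again.
$hkcu.DeleteSubKeyTree($root)
```

Schannel's cipher subkeys are documented by their full names, such as `RC4 40/128`, so only the second layout puts `Enabled` under a key with that name.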


Can't access security properties as Administrator


I have a user stating she was denied access to a couple of newly created files, so I remoted in as Domain Admin and I am unable to see any of the security properties. Is there a tool to force take ownership? Currently I can't see the owner or replace it.

Thanks

Craig


Craig

Allow only one PC access to network share


I have a situation where I need to allow anyone on a specific computer to be able to read and write to a network share. I have tried to give the share and security permissions to only the remote computer. It would not allow anyone to have access. I then added only authorized users, which of course allowed everyone to have access. I have looked online and have not found any successful answers. Is this even possible?

Windows Audit Log

I work as a Security Analyst and I have been going through the Windows logs of a client organization. There are a lot of login success events at off times. I would like to know how to differentiate between an actual login and some service just getting login privileges in Windows.

A few problems after restoring the Enterprise CA


I had a problem with the Enterprise CA, which I described here.
Finally, I had to uninstall the CA role and add it again. Then I restored the database from the backup.
The CA role is running now and certificate requests are handled correctly. However, on the CA server I have several errors in the logs:

VSS - Warning 8230
Volume Shadow Copy Service error: Failed resolving account administrator with status 1376. Check connection to domain controller and VssAccessControl registry key.
CertificationAuthority - Error 75
Active Directory Certificate Services could not publish a Delta CRL for key 2 to the following location on server ...  Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344).

Moreover, when I enter the CA property in certsrv, I have 3 certificates in the General tab (two old ones). However, in pkiview -> Manage AD Containers, I only have the current one:

I also noticed errors in the CDP Location and Delta CRL location:

certutil -CRL returns with error:

CertUtil: -CRL command FAILED: 0x80072098 (WIN32: 8344)
CertUtil: Insufficient access rights to perform the operation.

I think that everything is related to each other.

Can anyone help me clean up here?


Domain Level GPO to download the Update from Microsoft Update


Hello All,

I have a requirement to download updates from the Microsoft site using GPO. Can someone send me the process and the settings to be configured?

Also the URL to receive patches from Microsoft.

Currently the server is pointed to download updates from SCCM/WSUS. The SCCM agent creates the local policy when it is installed and connects to the SCCM SUP/WSUS server for updates.


Paramesh KA

Trying to keep challenge password for NDES/SCEP server migration

Is it possible to keep the challenge password between servers? I know the password is stored in HKLM\Software\Microsoft\Cryptography\MSCEP\EncryptedPassword. Is it possible to save the encrypted password and paste it to the same registry key on the new server?

Active Directory Certification Services problems, Event ID 74, Event ID 75, Event ID 66


Hi guys,

Please give me some ideas on how I can fix the problems I am facing.

I have migrated the AD CS service from 2008 R2 to 2012 R2 and I am now in big trouble. After the migration I am getting these errors and I don't know how to solve them.

Event ID:

74 Active Directory Certificate Services could not publish a Base CRL for key 1 to the following location on server SVV-DC01.mydomain.de: ldap:///CN=Root-CA(1),CN=SVV-DC01,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=com.  object not found. 0x8007208d (WIN32: 8333 ERROR_DS_OBJ_NOT_FOUND).ldap: 0x20: 0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:    'CN=SVV-DC001,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=com'


Event ID 76:

Active Directory Certificate Services could not publish a Delta CRL for key 1 to the following location: ldap:///CN=Root-CA(1),CN=SVV-DC01,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=ruptly,DC=de.  Vorgang abgebrochen 0x80004004 (-2147467260 E_ABORT). 


and Event ID 75 as well.

Please help me guys, I am really stuck here.

Thanks for understanding.

I already have many computers in my environment and it is hard for me to install everything new again.

